Significant benefits are associated with adopting cloud services including lower capital expenditures, less need for on-site support and improved scalability and flexibility. We've all heard "Well, the cloud is going to change everything."
That's all well and good—very good, but migrating to the cloud also carries with it data security risks and legal and regulatory compliance obligations. In fact, nothing really changes as far as an organization's security and compliance obligations just because they move a service to the cloud. No auditor will accept the answer of "Oh, well that is a cloud service so we really don't fully understand who has access to what and why".
It was fascinating to read the summary of Security of Cloud Computing Users:A Study of Practitioners in the US & Europe* which findings show that about half of the respondents don't believe their organization has thoroughly vetted cloud services for security risks prior to deployment! This is a huge "red flag" of opportunity for VARs, System Integrators and Managed Service Providers! You can be the driving force for helping organizations move to the cloud in a secure, policy-driven and compliant manner—and profit handsomely from doing so.
When migrating your clients to the cloud, be diligent when it comes to their security obligations. In practice, an organization should:
- Have a well documented data security and network access program that applies to its computing operations no matter where they occur
- When employees leave the company, physical and electronic access to data and applications should be immediately blocked, no matter where they reside, including deactivating their passwords and user names
- Companies must require their third-party service providers to contractually agree that they have appropriate security measures for personal information
- Companies must require their third-party service providers to either provide ongoing compliance reporting or to stream security information and events back to the company in a secure manner
So, is cloud computing going to change everything? If anything, cloud computing needs to ease the overhead of security and compliance for organizations, but the fundamental security and compliance aspects of knowing and being able to prove "who accessed what, when and why" are not going anywhere.
How is cloud computing changing the way you work with your clients?
*Conducted by Ponemon Institute and sponsored by CA Technologies